Apache Httpd < 1.3.20 : Denial of service attack on Win32 and OS2
A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduce...
Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed
The default installation can lead mod_negotiation and mod_dir or mod_autoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, mod_vhost_alias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file
The Rewrite module, mod_rewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...
Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT
A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...
Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information
Apache was vulnerable to cross-site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...
Apache Httpd < 1.3.11 : Mass virtual hosting security issue
A security problem can occur for sites using mass name-based virtual hosting using the new mod_vhost_alias module or with special mod_rewrite rules...
CVE-1999-0236
The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...
CVE-1999-0071
CVE-1999-0071 affects the Apache httpd server prior to 1.1.2 (versions 1.1.1 and earlier) due to a cookie header buffer overflow. The root cause is a vulnerable handling of the HTTP Cookie header (too long name/value) that can cause the server to crash. Some connected sources describe the impact ...
CVE-2000-1206
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files...
Apache Httpd < 1.3.2 : Multiple header Denial of Service vulnerability
A serious problem exists when a client sends a large number of headers with the same header name. Apache uses up memory faster than the amount of memory required to simply store the received data itself. That is, memory use increases faster and faster as more headers are received, rather than...
CVE-1999-0071
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier...
PT-1997-1036 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache httpd versions 1.1.1 and earlier Description: The issue is related to a cookie buffer overflow. Recommendations: For versions 1.1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this...
CVE-1999-0236
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing
source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the character can occur under some...